Sony Loses The War On Piracy, Flees To Courtroom

News Posted: Wed, Jan 12 2011 9:14 PM
Sony's attempts to prevent piracy on both the PS3 and PSP have taken a number of blows in recent weeks. Today, the company announced that it intends to sue the PS3 hacker GeoHot, who's been an increasingly large thorn in the company's side over the past 18 months. When Sony released the 3.21 firmware update that broke Other OS functionality, it was GeoHot who first demonstrated his own custom firmware running both 3.21 and Other OS simultaneously. For more information on the repercussions of Sony's decision and its anti-piracy efforts to that date, check our original coverage here.

Let's recap first. Last fall, Sony cut the price of its PSP Go from $249 to $199 in a purported attempt to boost the system's anemic sales. The PSP Go has a number of flaws when compared to the PSP, but the most significant is its inability to play UMD-based games. The PSP Go was designed without a UMD slot to make it harder to hack, but Sony was apparently unable to reconcile its desire to prevent piracy with the need to build a product people actually buy.


The PSP's mod kit in action. Unlike the PS3 modifications, the PSP Go's changes *were* intended to change what games people could play. On the other hand, it's Sony's fault the problem exists in the first place.

That's something of a moot point now. Less than two years after its launch, the PSP Go has been cracked and demonstrated running games previously available only to owners of a standard PSP. Exactly how the company will respond is unclear, but it's safe to assume it'll include a firmware update that once again prevents PSP Go owners from playing a compatible game they can legally purchase.

As for the PS3, the gates have split wide open. The group investigating the PS3, Fail0verflow, discovered a serious flaw in the algorithm used to generate the PS3's cryptographic keys. According to pytey, a member of the group, "The complete console is compromised - there is no recovery from this. This is as bad as it gets - someone is getting into serious trouble at Sony right now."


From Fail0verflow's presentation.

GeoHot, aka George Hotz, and Fail0verflow weren't formally working together. After viewing the latter's presentation, however, GeoHot was unable to crack and publish the PS3's master key. Both say they abhor piracy and were only interested in re-enabling Open OS and homebrew software. Hotz first announced he'd cracked the system in January of 2010, an event that prompted Sony to kill Other OS functionality altogether via firmware update.


Step 2:  Alienate your most technically proficient and hacker-friendly customer base:  Penguinistas to arms!

According to pytey, this was the point at which Fail0verflow jumped into the fray. "It became a valid target," pytey told BBC News. "That was the motivation for us to hack it. ...It was not trivial to do this."

In theory, the PS3 should never have been vulnerable to the attack method that's compromised it. At the most basic level, the system relies upon a master private key that's held by Sony to verify that any given console's firmware is legitimate/protected. Because this verification key is meant to incorporate a truly random number when generated, it should have taken millions of years to derive the master key by observing the public key used to verify the system. It should have worked—but Sony's signature software, which the company wrote itself, used a constant number rather than a random one.


Step 3:  Oops.

The nature of the flaw makes it impossible to fix. Sony will undoubtedly claim to have 'fixed' the situation via firmware updates, but anything it tries will be the equivalent of surface repairs to a home with a broken foundation. Sony's only real option is to correct its algorithm and spin a new version of the PS3 that's designed to verify the correctly generated signature instead of the broken one. This is, at best, an imperfect solution and could cause major software problems. Even if it doesn't, there's no way for Sony to repair the 40 million-plus consoles it's already sold. In the space of a few weeks, the company's entire antipiracy strategy has collapsed. Sony's response thus far has been to scurry into federal court to demand all copies of the relevant information be pulled offline; the company has apparently never heard of the "Streisand effect".



Step 4: The flawed public crypto key is what kills the system, but the other labels reflect other PS3 systems that have been independently hacked without using the flawed key.

It was inevitable that Sony would hurl every book it could find at the hackers in question, but it's not clear what the outcome will be. The individuals in question are on record as being strongly against piracy, they've painstakingly documented the flaws in the PS3's security systems, they aren't out for commercial gain, and they were working to restore functionality that existed when they purchased their consoles. When we covered the impact of killing Other OS last May, we concluded: "Even if the courts eventually rule Sony's removal of Other OS functionality doesn't constitute a breach of California law, there's still something to be said for not alienating a group of customers you openly courted just three years ago."

Them's words good enough to end on for a second time.
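The constant-number flaw described in the article, worked through as an added example (not code from the article, Sony, or Fail0verflow): an audit check that flags signatures sharing a nonce, the algebra showing why one such pair exposes the private key, and a per-message nonce that removes the problem. It assumes an ECDSA-style signing equation over the P-256 group order; `r_from_nonce` is a hypothetical stand-in for the curve step, and the key, nonce and messages are constructed.

```python
import hashlib
import hmac

# Order of the NIST P-256 group; the leak is visible in scalar arithmetic alone.
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def r_from_nonce(k: int) -> int:
    # Hypothetical stand-in for "x-coordinate of k*G": r depends only on k.
    return digest(k.to_bytes(32, "big")) or 1

def sign(d: int, msg: bytes, k: int):
    # s = k^-1 * (z + r*d) mod N, with z the message digest and d the private key.
    r = r_from_nonce(k)
    return r, pow(k, -1, N) * (digest(msg) + r * d) % N

def per_message_nonce(d: int, msg: bytes) -> int:
    # Simplified deterministic nonce in the spirit of RFC 6979 (not the full
    # algorithm): a different message always yields a different k.
    mac = hmac.new(d.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1

def find_reused_nonces(sigs):
    """Audit check: pairs of (msg, r, s) records on different messages sharing r."""
    first_seen, hits = {}, []
    for rec in sigs:
        prev = first_seen.setdefault(rec[1], rec)
        if prev is not rec and prev[0] != rec[0]:
            hits.append((prev, rec))
    return hits

def key_from_pair(a, b):
    """Why a hit is fatal: two equations, two unknowns (k and d)."""
    (m1, r, s1), (m2, _, s2) = a, b
    k = (digest(m1) - digest(m2)) * pow(s1 - s2, -1, N) % N
    return (s1 * k - digest(m1)) * pow(r, -1, N) % N

if __name__ == "__main__":
    d = digest(b"constructed demo key")           # constructed private key
    msgs = [b"image-A", b"image-B", b"image-C"]   # constructed messages
    constant = [(m, *sign(d, m, 4)) for m in msgs]
    fixed = [(m, *sign(d, m, per_message_nonce(d, m))) for m in msgs]
    hits = find_reused_nonces(constant)
    print("constant nonce:", len(hits), "hits; key exposed:", key_from_pair(*hits[0]) == d)
    print("per-message nonce:", len(find_reused_nonces(fixed)), "hits")
```
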
Not Ranked
Posts 12
Points 165
Joined: Oct 2010

They didn't lose the war on piracy. They lost the war they were waging on consumers directly.

A war Microsoft lost LONG ago. Remember, when it comes to tech, anything is possible.

Joel H replied on Thu, Jan 13 2011 11:15 AM

DeathPaladin,

You're drawing an incorrect conclusion as far as the root crack is concerned. The other hacks may fall fairly into the 'anything is possible' category, but the private key discovery is possible because Sony f*cked up in a massive way. If the private key was still secure my understanding is that the other flaws would be serious but potentially patchable.

3vi1 replied on Thu, Jan 13 2011 12:22 PM

I think Sony has possibly made a major miscalculation here. I wouldn't be surprised to see them lose if the EFF or someone else bankrolls the hackers' defense.

Mistake #1: Pursuing this when Sony themselves initiated it via the removal of OtherOS/Linux. That gave the hackers' tools a "reasonable non-infringing use." (i.e. to restore the functionality that was advertised at the sale of the console).

Sony once found themselves on the very opposite side of this argument during the days of Betamax vs. MPAA (and won!)

Mistake #2: Suing people that have repeatedly spoken out against piracy, instead of people actually engaged in piracy. These people don't seem to be directly responsible for any piracy whatsoever.  Smith & Wesson isn't liable for murders with their guns, nor should these guys be liable for misuse of their tools.

Mistake #3: Naming members of fail0verflow in the suit. fail0verflow members are in the EU and therefore not subject to the DMCA.

I can't wait for AsbestOS or some other project to release a signed package. I'll be able to boot my PS3 from a signed image - that doesn't suffer from Sony's artificial hypervisor restrictions on the RSX, and finally update my firmware from 3.20 to a version that allows me to play online again.

We'll just have to see if "justice" is done.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

realneil replied on Thu, Jan 13 2011 1:15 PM

A lawsuit against hacking by the company that brought us one of the most widely propagated secret root-kit viruses that the world has ever seen.

One has to laugh at them,........Ha-Ha!

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

3vi1 replied on Thu, Jan 13 2011 1:26 PM

True realneil. It's easy to forget the rootkit fiasco Sony perpetrated against Windows owners.

http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

They appear to be working under the impression that anything they do is legal, no matter how blatantly wrong, and that anything a user does to assert control over his own system/media is automatically illegal. Apparently some EULA that practically no one ever read (and which almost certainly contains things not legal in all jurisdictions) trumps common sense and legal rights.

Joel H replied on Thu, Jan 13 2011 2:00 PM

3vi1,

"They appear to be working under the impression that anything they do is legal, no matter how blatantly wrong, and that anything a user does to assert control over his own system/media is automatically illegal."

Let's not forget that a conservative reading of the DMCA encourages this interpretation. The efficacy of a copyright protection system is considered irrelevant when calculating whether or not a hacker has broken the law. The mere *presence* of something the company can claim constitutes copy protection is, in theory, all they need--even if they simply did an A = Z alphabet reversal.

I suspect that Sony might be found to have violated some US consumer protection laws but the DMCA does not make allowances for hackers attempting to restore machine capabilities. I think Sony will ultimately prevail in court--not that they'll ever recover what they'll lose in piracy.

3vi1 replied on Thu, Jan 13 2011 7:44 PM

For the most part I agree with you, and think the DMCA is the worst thing Clinton ever signed. I slightly disagree on one point though:

>> the DMCA does not make allowances for hackers attempting to restore machine capabilities.

Section 1201 has seven exemptions. The three that I think are relevant are:

- Reverse engineering in order to develop interoperable programs; [1201(f)]: I believe this could be construed to include homebrew apps.

- Encryption Research; [1201(g)]: Definitely part of what they were doing.

- Security Testing [1201(j)]: Also what they were doing.

Also, don't forget that there are other exemptions in there for legally obtained video games, and iPhone jailbreaking. It's not inconceivable that PS3 jailbreaking could get added as an exemption as a result of this case.

And on top of all this, as I said earlier.  The fail0verflow guys are in Europe.  The DMCA does not apply to them (another reason America should have fewer stupid rules/patents tying the hands of innovation).

realneil replied on Thu, Jan 13 2011 7:46 PM

Joel H:
I think Sony will ultimately prevail in court--not that they'll ever recover what they'll lose in piracy.

I don't have a shred of sympathy for them. I hope that they take a bath.

This situation being discussed doesn't affect me at all, because I quit buying Sony anything after the root-kit fiasco. I don't usually forgive or forget either. So if those jerks want loyalty, then they're gonna have to go out and buy a Dog.

Joel H replied on Thu, Jan 13 2011 9:39 PM

3vi1,

True regarding Europe, though that's a loophole ACTA is supposed to close. I suspect Sony will do its best to make an example of GeoHot.

paulkevin replied on Fri, Jan 14 2011 3:08 AM

Why doesn't Sony just hire the guy? It seems he is better than their entire programming staff.

Lakawak replied on Fri, Jan 14 2011 4:14 AM

DeathPaladin...how did Microsoft lose that war that you speak? Oh wait...I see...you are one of those social outcasts who thinks that everyone is like you when in fact, no one wants to live even one second of their lives like you. The VAST majority of people like Microsoft and their products.

ESarjeant replied on Fri, Jan 14 2011 8:49 AM

I think the reference to Microsoft here might be to WGA (Windows Genuine Advantage). This was their anti-piracy software which has failed in numerous ways, not the least of which has been to flag non-pirated copies of Windows as invalid -- with something on the order of 20% of WGA violations being false positives.

As far as I'm concerned, this would classify as a failure and in fact Microsoft is slowly giving up on this. Portions of their products and website that used to require WGA validation are going away. A good example is the MS Office download portion of microsoft.com, where recently WGA checks have been removed and Microsoft is now offering document templates without any restrictions.

ice91785 replied on Fri, Jan 14 2011 5:18 PM

Little stretch there paulkevin...it's different when you have a team of programmers that develop literally millions of lines of code and (probably) one or two f-ed up on this particular crypto-function.

These hackers know how to try and break code, not necessarily how to be expert-writers. Think of it this way, if you know how to rip apart or destroy a car engine, that doesn't necessarily mean you can put it back together in a good working order...

3vi1 replied on Fri, Jan 14 2011 6:35 PM

Sony's already running into problems with the suit: The judge says that "Sony has to show that George Hotz [...] has some connection to California if Sony is to claim damages for his work on the PS3."

Good luck on that.  As far as I know, George lives in New Jersey.  So much for Sony's tactic of suing out-of-state to cause financial duress to Hotz - they'll have to re-file in NJ.  If they file in any other location, particularly one with a history of stupidly defending IP like east-Texas, they'll prove they're douchebags.

http://www.ibtimes.com/articles/101329/20110114/sony-must-show-jurisdiction-over-hotz.htm

JDeckard replied on Sun, Jan 16 2011 8:30 AM

Sony deserves to go under. I refuse to buy Sony because of their CDs installing Rootkits on PCs. Goodbye loser.

3vi1 replied on Wed, Jan 19 2011 8:11 AM

Update: I read somewhere the other day that Sony's trying to defend its out-of-state suit by saying that Hotz had once visited California (on vacation or something), as deduced from his Twitter logs.

Really? Now you can be sued anywhere you've ever been for an alleged crime that didn't even occur there? It's a good thing George never went to one of those countries that doesn't understand tech and has sentences where they cut off your hands.

realneil replied on Wed, Jan 19 2011 10:03 AM

3vi1:
I read somewhere the other day that Sony's trying to defend its out-of-state suit by saying that Hotz had once visited California (on vacation or something)

Lawyers will spend days (as long as they're working on your clock) picking fly S**T out of the pepper. Anything to salvage their case that they didn't think through, before they filed the suit.

Remember that Sony is paying these guys the big bucks to save face in this matter, and you know how vitally important it is to save face in oriental culture! 

Of course, we all know that if they had any real smarts, they would care more for their customers happiness than saving face. It really isn't about them at all.

Embarrassed

Edit: I posted this and went right away to eat breakfast. When I returned, my post was mangled and scrambled and not what I had written at all. What's going on here?

Dave_HH replied on Fri, Jan 28 2011 9:07 AM

Lakawak:

DeathPaladin...how did Microsoft lose that war that you speak? Oh wait...I see...you are one of those social outcasts who thinks that everyone is like you when in fact, no one wants to live even one second of their lives like you. The VAST majority of people like Microsoft and their products.

 

Keep attacking members and the ban hammer is coming your way, Lak.

Editor In Chief
http://hothardware.com

